Monday, January 31, 2005

Sunday, January 30, 2005

PS2 San Andreas Controller Cheats Brute Forced

You just have to love this guy's ingenuity. He brute forced San Andreas cheats by hooking his controller up to the parallel port of his PC to automatically go through combinations of buttons. Apparently he also found cheats not yet released by Rockstar. Click here for a pic. Nice one...

Memory protection
Buffer overrun attacks are among the most common mechanisms, or vectors, for intrusion into computers. In this type of exploit, the attacker sends a long string to an input stream or control – longer than the memory buffer allocated to hold it. The long string injects code into the system, which is executed, launching a virus or worm.

Windows XP Service Pack 2 uses two general categories of protection measures to inhibit buffer-overrun attacks. On CPUs that support it, the operating system can turn on the execution protection bit for virtual memory pages that are supposed to hold only data. On all CPUs, the operating system is now more careful to reduce both stack and heap buffer overruns, using "sandboxing" techniques.

Execution Protection (NX)
On the 64-bit AMD K8 and Intel Itanium processor families, the CPU hardware can mark memory with an attribute that indicates that code should not be executed from that memory. This execution protection (NX) feature functions on a per-virtual memory page basis, most often changing a bit in the page table entry to mark the memory page.

On these processors, Windows XP Service Pack 2 uses the execution protection feature to prevent the execution of code from data pages. When an attempt is made to run code from a marked data page, the processor hardware raises an exception immediately and prevents the code from executing. This prevents attackers from overrunning a data buffer with code and then executing the code; it would have stopped the Blaster worm dead in its tracks.

Although the support for this feature is currently limited to 64-bit processors, Microsoft expects future 32-bit and 64-bit processors to provide execution protection.

Sandboxing
To help control this type of attack on existing 32-bit processors, Service Pack 2 adds software checks to the two types of memory storage used by native code: the stack, and the heap. The stack is used for temporary local variables with short lifetimes; stack space is automatically allocated when a function is called and released when the function exits. The heap is used by programs to dynamically allocate and free memory blocks that may have longer lifetimes.

The protection added to these two kinds of memory structures is called sandboxing. To protect the stack, all binaries in the system have been recompiled using an option that enables stack buffer security checks. A few instructions added to the calling and return sequences for functions allow the runtime libraries to catch most stack buffer overruns. This is a case where a little paranoia goes a long way.

In addition, "cookies" have been added to the heap. These are special markers at the beginning and ends of allocated buffers, which the runtime libraries check as memory blocks are allocated and freed. If the cookies are found to be missing or inconsistent, the runtime libraries know that a heap buffer overrun has occurred, and raise a software exception.
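The heap cookies described above, as an added example (not Microsoft's implementation and not code from the original post): a small C wrapper around malloc that places a marker before and after each block and checks both when the block is freed. The block layout, the names guarded_alloc, guarded_check and guarded_free, and the cookie derivation are assumptions made for illustration; where a real runtime raises a software exception, this returns a status code.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum guard_status { GUARD_OK, GUARD_HEAD_CORRUPT, GUARD_TAIL_CORRUPT };

/* Hypothetical block layout: [header: size, cookie][user bytes][tail cookie] */
struct guard_header {
    size_t    size;    /* number of user bytes requested */
    uintptr_t cookie;  /* leading marker, sits directly before the user bytes */
};

/* Cookie tied to the block address, so a marker copied from another block
 * does not validate. The low byte is forced to zero: on little-endian
 * machines that is the first tail byte in memory, so even a one-byte
 * overrun with non-zero data changes it. (Toy derivation, an assumption.) */
static uintptr_t cookie_for(const struct guard_header *h)
{
    static int anchor;  /* its address varies per process under ASLR */
    uintptr_t secret = (uintptr_t)&anchor * (uintptr_t)0x9E3779B1u;
    return (secret ^ (uintptr_t)h) & ~(uintptr_t)0xff;
}

void *guarded_alloc(size_t size)
{
    struct guard_header *h;
    unsigned char *user;
    uintptr_t c;

    if (size > SIZE_MAX - sizeof *h - sizeof c)
        return NULL;                       /* size arithmetic would wrap */
    h = malloc(sizeof *h + size + sizeof c);
    if (h == NULL)
        return NULL;
    c = cookie_for(h);
    h->size = size;
    h->cookie = c;
    user = (unsigned char *)(h + 1);
    memcpy(user + size, &c, sizeof c);     /* tail cookie may be unaligned */
    return user;
}

/* Verify both markers without modifying the block. */
enum guard_status guarded_check(const void *ptr)
{
    const struct guard_header *h = (const struct guard_header *)ptr - 1;
    uintptr_t expect = cookie_for(h), tail;

    if (h->cookie != expect)
        return GUARD_HEAD_CORRUPT;         /* size field is untrusted now */
    memcpy(&tail, (const unsigned char *)ptr + h->size, sizeof tail);
    return tail == expect ? GUARD_OK : GUARD_TAIL_CORRUPT;
}

/* Free only if the markers are intact; otherwise report and keep the block. */
enum guard_status guarded_free(void *ptr)
{
    enum guard_status st;

    if (ptr == NULL)
        return GUARD_OK;
    st = guarded_check(ptr);
    if (st != GUARD_OK) {
        fprintf(stderr, "heap block %p: %s cookie damaged\n", ptr,
                st == GUARD_HEAD_CORRUPT ? "leading" : "trailing");
        return st;
    }
    free((struct guard_header *)ptr - 1);
    return GUARD_OK;
}

/* Constructed scenario: an unchecked copy of len bytes into a 16-byte block.
 * Keep len <= 16 + sizeof(uintptr_t) so the write stays inside the malloc
 * block backing the demo. Returns the status seen at free time, -1 on OOM. */
int demo_copy(size_t len)
{
    unsigned char *buf = guarded_alloc(16);
    int st;

    if (buf == NULL)
        return -1;
    memset(buf, 'A', len);                 /* the bug: len is never checked */
    st = guarded_free(buf);
    if (st != GUARD_OK)
        free((struct guard_header *)buf - 1);  /* demo only: avoid a leak */
    return st;
}

/* Constructed scenario: a write one byte before the start of the block. */
int demo_underwrite(void)
{
    unsigned char *buf = guarded_alloc(16);
    int st;

    if (buf == NULL)
        return -1;
    buf[-1] ^= 0xff;                       /* flips a byte of the head cookie */
    st = guarded_free(buf);
    if (st != GUARD_OK)
        free((struct guard_header *)buf - 1);
    return st;
}

int main(void)
{
    printf("16 bytes into 16: %d\n", demo_copy(16));
    printf("17 bytes into 16: %d\n", demo_copy(17));
    printf("underwrite:       %d\n", demo_underwrite());
    return 0;
}
```

Detection happens only when the block is checked or freed, so an overrun is caught after the fact; the point of the check is to stop the program before corrupted heap data is used further.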

Saturday, January 29, 2005

A new study indicates that monkeys will actually pay to see pictures of female monkeys and male dominant ones. Excerpt:

Would you pay to see a monkey's backside? I hope not. Monkeys will, and I guess that's okay, though it sounds awfully close to the sort of thing that lands guys in jail here in the human realm.

A new study found that male monkeys will give up their juice rewards in order to ogle pictures of female monkeys' bottoms. The way the experiment was set up, the act is akin to paying for the images, the researchers say.

The rhesus macaque monkeys also splurged on photos of top-dog counterparts, the high-ranking primates. Maybe that's like you or me buying People magazine.

The research, which will be detailed in the March issue of Current Biology, gets more interesting.

The scientists actually had to pay these guys, in the form of extra juice, to get them to look at images of lower-ranking monkeys.

Curiously, the monkeys in the test hadn't had any direct physical contact with the monkeys in the photos, so they didn't have personal experience with who was hot and who was not.

"So, somehow, they are getting this information by observation -- by seeing other individuals interact," said Michael Platt of the Duke University Medical Center.

Friday, January 28, 2005

Boingboing has an article on how someone was sent to jail after using Lynx & Solaris to make a donation for tsunami victims online. Excerpt:

For donating to a Tsunami appeal using Lynx on Solaris 10. BT [British Telecom] who run the donation management system misread an access log and saw hmm that's a non standard browser not identifying its type and it's doing strange things. Trace that IP. Arrest that hacker.

Armed police, a van, a police cell and national news later the police have gone in SWAT styley and arrested someone having their lunch.

Out on bail till next week and preparing to make a lot of very bad PR for BT and the Police....

So just goes to show if you use anything other than Firefox or IE and you rely on someone else to interrogate access logs or IDS logs you too could be sitting in a paper suit in a cell :(

I'm really surprised at the stupidity of the person that interpreted the log. Also how with just one log entry, the police have enough "evidence" to send a team to pick someone up.

Just another example of FUD and corporate supremacy dictating what the powers that be do. There should be an enquiry into this to make sure it doesn't happen again, as I for one don't trust corporations that are this dumb, or police that pick people up with flimsy evidence. For shame.....

On Sunday, January 9th, I flew AA51 from London Gatwick to
Dallas-Fort Worth. At Gatwick, I was confronted with a security
check that exceeded sense and decency and, I feel, creates a
terrible potential liability for your airline.

At Gatwick, I was directed to a security podium before checking
in for my flight. The security officer asked me a series of
questions, such as:

* Where are you flying?

* How long have you owned your luggage for?

* Have any of your electronics been serviced recently?

* Why are you flying this route?

This last one was a little weird: the route I was flying had been
selected for me by the computer running www.aa.com's reservation
system, but I answered anyway, wanting to be cooperative. Then
the officer asked me where I would be staying in the USA:

"I will be staying with a friend tonight, at a hotel near LAX
tomorrow, and with a different friend in Tarzana for the rest of
the week."

The security officer then handed me a blank piece of paper and
said, "Please write down the names and addresses of everyone
you're staying with in the USA."

I actually began to write this out when I was brought up short.
"Wait a second -- since when does AA compile a written dossier on
the names and addresses of my friends? Why are you asking me
this? Do you have a privacy policy and a data-retention policy I
can inspect prior to this?"

The security officer told me that this was a Transport Security
Agency (TSA) regulation. I asked for the name or number of the
regulation, its text, and the details of the data-retention and
privacy practices in place at AA UK. The security officer wasn't
able to answer my questions, and she went to get her supervisor.

After several minutes, her supervisor appeared and said, after
introducing himself, "Sir, this is for your own protection."

I think it's pretty hard to argue that making passengers produce
written dossiers on their friends' home addresses makes planes in
the sky secure. I asked again if this was really a TSA regulation
and what AA's privacy and data-retention policies are.

The officer said, "This is a TSA regulation."

I said, "Why didn't I have to provide this information when I
flew out of Gatwick on US Air in December then?"

He said, "Well, you know that American Airlines has had some
terrible things happen to it in the past."

I asked "So the TSA wrote a special regulation for AA? What is
the name of this regulation, and what is your data-retention and
privacy policy?"

He didn't know the answer and went off to fetch the terminal
supervisor for AA.

Several more minutes passed, and then the supervisor appeared. He
had looked over my documents and said, "Sir, I'm sorry, you are a
Platinum AAdvantage member and shouldn't have been asked this
question." I thanked him and asked him if he knew what AA's
privacy and data-retention policies were. He didn't.

In the past few days, I've told this story to many friends in the
US and the UK and they've all been shocked by it. It's really
stuck in my craw, and left me with three questions for your
airline:

1. What is the AA privacy and data-retention policy?

2. Do non-Platinum flyers have to provide dossiers on their
friends on demand from an AA officer? Why?

3. Is there a TSA regulation that requires you to gather this
information? What is the number or name of that regulation and
where can I get a copy of it?

Under the UK Data Protection Act, AA is required to be
accountable for the personal information it collects from the
public. On presentation of a nominal fee of ten pounds, AA is
expected to provide a reasonable accounting of what information
it has gathered from me and how it uses that information. I
believe gathering these dossiers means that you incur this
liability not only to me, but to all of my friends, too -- in
other words, if you require me to give you my friends' name and
address, my friends also have the right to find out how you use
that information. This explodes your data-retention liability,
potentially by an order of magnitude.

I was told that I came under extra scrutiny at the podium because
I was flying from the UK to the US on a Canadian passport; that
is, a passport that doesn't come from either the origin or
destination of my flight. I fly a lot to the USA, and other
airlines don't seem to have this policy. Should I take this to
mean that if I continue to fly AA on this customary UK-US voyage
of mine, I can expect to be given a hassle every time I fly?

I'm cc'ing this note to my colleagues at the Electronic Frontier
Foundation, to my friend John Gilmore who is currently suing the
TSA over some of its regulations, and to the website I co-edit,
Boing Boing (boingboing.net), which has over 200,000 daily
readers. I will be very interested to hear your reply.

I would appreciate a response by February 1, 2005.

Thank you,

Cory Doctorow

AAdvantage Number: XXXXXXX

Now this is just going too far. I wonder how long it will take for the United States to get off its paranoid ass and rejoin the "free" world again.

Saturday, January 22, 2005

Looks like Phrack is about to kick the bucket. The next issue will also be the last one. This for me is VERY sad news. One of the first things I did when I got an internet connection was download and print the latest issue. An excerpt from the site:

Phrackstaff is pleased to bring you _our_ LAST EVER CALL FOR PAPERS for the FINAL RELEASE of PHRACK.

We are preparing for a hardcover and ezine release at a major hacker convention near you!

We ask everyone to submit a paper. Great care will be taken to ensure that only the best articles make it into PHRACK FINAL. As usual, papers can be on any topic related to the following:

Since 1985, PHRACK MAGAZINE has been providing the hacker community with information on operating systems, network technologies and telephony, as well as relaying features of interest for the international computer underground. PHRACK MAGAZINE is made available to the public, as often as possible, free of charge.

PHRACK STAFF

Especially seeing how dumbed down the technical content of most sites/zines has become it WILL be missed. Now we only have articles catered to clueless newbies and script kiddies. This truly spells the death of the golden hacker age. Phrack, you WILL be missed :-(

Slate has an interesting article on how aacPlus is going to replace MP3 streams in the near future. The main reason for this being the small bandwidth requirements for aacPlus (48 kbps will get you decent stereo sound). An excerpt from the article:

It's a given that fat broadband lines are the future of online media. But right now, for Internet radio, the future is about slimming down - creating skinny little streams of data that don't eat up too much bandwidth. The key is a new and better audio compression format called aacPlus, or sometimes HE-AAC, which has been chosen by the industry committee that standardized MP3 13 years ago (the Motion Picture Experts Group). If you've tried to listen to online stations, you know they sound grainy if they're streamed at any less than 128 kilobits per second - maybe 96 kbps if you're not fussy. That makes a broadband connection a must. But aacPlus sounds nearly as good as a CD, even when it's compressed enough to play through a dialup line. Don't take my word for it - see the results of the European Broadcasting Union's listener tests, in which aacPlus was deemed the "clear winner" at a dialup-friendly 48 kbps.

There could be something to this. After all, aacPlus is already used by XM satellite radio, and the smaller bandwidth needs will make these streams more viable cost wise. Also people with cable connections will be able to serve up more streams.

This can only lead to good things. For an example of aacPlus streams check out tuner2.com.

This thing's the most future proof receiver I've seen yet. Here's what they have to say about it:

The Future-Proof Anchor to Your Entertainment Needs

Welcome to the full potential of what a home theater receiver can be. Onkyo, the company that brought you the world's first 7.1-channel, THX-certified receiver, now unveils what a flagship receiver should be. The TX-NR1000 provides technology and design that will impress all, from the audiophile to the casual listener. The THX Ultra2 badge on the front means that this receiver provides the guarantee of the highest quality product available. Onkyo's Premium Digital concept takes on a new state-of-the-art look with the addition of HDMI (High-Definition Multimedia Interface) and i.LINK (IEEE1394) pure digital ports. All the latest encoding formats - THX Surround EX, DTS 96/24, Dolby Pro Logic IIx, and more - are here along with the knowledge that you're ready for the future with upgradable flash memory. Onkyo's exclusive Net-Tune protocol provides streaming music from your computer or Internet radio from the waves of cyberspace. So, for truly breathtaking performance and features from a receiver that truly deserves to be christened as a flagship, audition the TX-NR1000 and find out what true home entertainment is like.

Check out the above image for future proofness. I would SO buy this if I had +/- 4000 bucks to splash on a receiver ;-)

Looks like there's a company called Streambase which is about to release a new database that's nothing short of revolutionary. For an explanation check this excerpt:

Michael Stonebraker is well-known in the database business, and for good reasons. He was the computer science professor behind Ingres and Postgres. Eighteen months ago, he started a new company, StreamBase, with another computer science professor, Stan Zdonik, with the goal of speeding access to relational databases. In "Data On The Fly," Forbes.com reports that the company software, also named StreamBase, is reading TCP/IP streams and using asynchronous messaging. Streaming data without storing it on disk as are doing other relational database software gives them a tremendous speed advantage. The company claims it can process 140,000 messages per second on a $1,500 PC, when its competitors can only deal with 900 messages per second. Too good to be true? Read more...

Here are some excerpts from the Forbes article.

"Relational databases are one to two orders of magnitude too slow," says Stonebraker, who is chief technology officer at Streambase, a 25-person outfit based in Lexington, Mass. "Big customers have already tried to use relational databases for streaming data and dismissed them. Those products are non-starters in this market."

In a recent pilot program, Streambase was able to analyze 140,000 messages per second, while a leading relational database -- Stonebraker won't say which one -- could handle only 900 messages per second. Streambase has 12 customers now testing its software, all of them financial services companies that need to analyze rapid-fire ticker feeds and other streaming data.

Unlike traditional database programs, Streambase analyzes data without storing it to disk, performing queries on data as it flows. Traditional systems bog down because they first store data on hard drives or in main memory and then query it, Stonebraker says.

Wow, if someone open sources this it will ring in a whole new era of databases. Real time analyzing large chunks of data will be a reality.

Friday, January 21, 2005

Just saw this hack that turns an old rotary phone into a cell phone. Pretty cool. Pretty retro. Excerpt:

Yes, you read it right. Port-O-Rotary. We've gone and hacked into a rotary phone.

I find myself talking about nerd things with my friends and peers who could usually care less. Every once in a while, someone who really doesn't have a clue, says something so crazy, it makes you take a step back. I can't remember who had the idea of a rotary cell phone - needless to say it had something to do with quite a few rum and cokes. They didn't have a clue how to do it, they just thought it would be cool. So did I...

Why wouldn't it be cool to see a rotary phone, ringing, with no wires attached? It might mess with your brain a bit.

Turns out I am very glad there is no such thing as a cellular rotary phone - the dialing takes forever! And here in Colorado - on a 10-digit dialing system - you don't dare mess up the number.

So here it is - a portable cellular rotary phone - in all its random glory!

Thursday, January 20, 2005

The Sun has an interesting interview with David Duchovny where they talk about all sorts of things X Files related, including the movie. According to him it will definitely be made. Better yet, there will be a whole series of movies, Star Trek style. An excerpt:

THE truth is still out there - and X Files agents Mulder and Scully are on their way back to discover it.

In an exclusive interview David Duchovny, who played Fox Mulder in the cult sci-fi TV series for eight years, told us he and the show's creator Chris Carter are planning on making a sequel to their 1998 movie.

The 44-year-old said: "It's always been my desire to turn The X Files into a film franchise.

"We're hoping to get together just under a year from now and make another X Files movie.

"Chris is working on the script right now with Frank Spotnitz, who was one of the writers on the show.

"Gillian Anderson who played Dana Scully hasn't signed yet, but we'd need to have her on board.

"When I've talked to Chris about the film, we've both said we want to start filming in winter 2005 and bring it out in the summer of 2006."

Wow. I so hope he's right. I can't wait for a new movie. The rest of the interview is also interesting BTW, well worth a read.

Wednesday, January 19, 2005

Dutch Ministry of Defence to tap satellite communications

I just read a piece at Bits of Freedom that the Dutch MoD wants to buy land next to Xantic's (daughter company of KPN Telecom) satellite ground station to listen in to satellite communications. The article:

Monday, January 17, 2005

Don't touch my shit

Today some degenerate human beings stole my car radio. The only consolation I have is that I wasn't the only one. While reporting it at the police station I found out that my whole street had been ripped off. At least on the plus side my car wasn't ruined, unlike the rest of the neighbourhood whose car locks all have to be replaced.

Yup, looks like someone has finally created a box to hook your phone up to your computer so you can use it with Skype. Excerpt:

Put the telephone back in Internet telephony! The Actiontec Internet Phone Wizard combines the best of both worlds – the ease and convenience of your regular phone and the zero cost of Internet calls. Until now, you had to sit in front of your computer and wear uncomfortable headsets to make Internet calls. Or you had to choose between completely separate user experiences between using a regular phone or Internet phone. The Internet Phone Wizard with Skype makes all of these problems a thing of the past. Simply connect your computer to the Internet, pick up your phone, and begin dialing as you’ve always done - without any worry of a huge phone bill. The Internet Phone Wizard with Skype makes it easy and fun to call any Skype user in the world for free, and everyone else at low SkypeOut rates.

Seems that someone has taken the time to write a HOWTO on overclocking your Texas Instruments calculator. An excerpt:

Expansion and upgrades are becoming more and more popular as knowledge about the internal workings of the TI graphing calculators continues to grow. Years ago I accelerated my own TI-85 (original instructions by Boris Lutz and Keith L. Miller). Currently, the TI-81, TI-82, TI-83, TI-85, TI-86, TI-89, TI-92, and TI-92 Plus can be accelerated. The 81, 85 and 86 can be accelerated to approximately 2-3x their normal speed, about 18 MHz. The TI-82 and TI-83 can also be accelerated to about 1.5-2x normal speed. They only about double their speed to around 12 MHz. The TI-89 and 92 can be accelerated to around 20 MHz!

My TI is just gathering dust at the moment. Could be a nice project for a rainy day.

The BBC reports a disturbing piece on possible American special forces already inside Iran. Excerpt:

The American investigative journalist Seymour Hersh has claimed that US commandos are operating inside Iran selecting sites for future air strikes.

In the latest edition of the New Yorker, Hersh says intelligence officials have revealed that Iran is the US' "next strategic target".

Hersh says that American special forces have conducted reconnaissance missions inside Iran for six months.

Potential targets include nuclear sites and missile installations, he says.

They have been aided by information from the government of Pakistan, Hersh adds.

He reports as well that American special forces units have been authorised to conduct covert operations in as many as 10 nations in the Middle East and South Asia.

If this is true this is VERY disturbing news. If Americans think that Iraq is hell, wait until they get a taste of Iran.

In contrast to Iraq, Iran has an army 100% loyal to their leadership. A lot of them also have 8 years battle experience from the Iran-Iraq War. Also another crucial point is that Iran hasn't been crippled by 12 years of sanctions.

If the Americans dare attack Iran the Shias in Iraq won't be too happy either. Neither will Muslims the whole world over. I REALLY hope this isn't true, and that someone stops Bush and his cronies before they can do something like this and further push the world into chaos.

Saturday, January 15, 2005

For the past few months I've been playing with Gentoo as my workstation OS. This after being a die hard Debian fan for years.

The reason I've made the switch is Gentoo's Portage system. Being modelled after the BSD ports system I LOVE it. Also, its other plus point is being able to compile stuff optimized for your system.

Debian I love for its clean & lean (for Linux anyway) system & apt-get. While apt-get isn't as extensive as ports, it's much more convenient to use, and keeps your system up to date very well.

Well I have now seen the light. There's now an app called apt-build. For more information check out this excerpt:

Since the arrival of the very first versions of Gentoo, some people have announced that "Debian is good, but that's not optimized for [distribution in which you run make all the time]". And this is wrong, you are free to recompile software you use on Debian, using the apt system. Downloading a tarball, uncompressing it, running configure scripts and make install, is an easy task for every Linux user, but this is not adapted for the Debian package management system. Stow was a way which worked without too much effort, but compiled programs were not really integrated in the apt dependencies. The ultimate solution is to use apt-build to recompile a software already packaged for Debian.

The article further explains how to configure and use the said app. If this really works this well I think I'll be moving back to Debian soon, as Gentoo sometimes still feels a bit too messy to me.

Thursday, January 13, 2005

Engadget has just written a review on the iPod Shuffle. As it doesn't have much functionality, the review isn't that long. Their conclusion:

Now that it's all charged up and we've had a chance to use it, here's a few initial impressions:

We love Autofill. It makes the shuffle even more random since you never even know what will wind up on your Shuffle. Sure, you can narrow it down to music from a playlist, or do it all manually, but where's the fun in that?

We're spoiled by Firewire. The USB 2.0 moved the songs onto the iPod Shuffle pretty quickly, but it's not the song per second speed of the regular iPod over Firewire.

Apple claims 120 songs probably fit on the 512 MB version. We managed to fit 110, but we have lots of 160 and 192 kbps mp3 files.

This thing is tiny - and light. You'll never feel it around your neck or in your pocket. It's like a stick of gum, not a pack. Just be sure not to leave it in your jeans when you wash them.

The controls take a second or two to get used to, then you never think about them again.

The sound is great. It's easily as loud and seems to be more clear with better bass response than our 3G iPod.

George Ou has written a nice overview in his column on Asterisk. An excerpt:

As the commoditization and open sourcing of operating systems and applications continue to disrupt the software companies, telephony vendors have so far enjoyed a relative calm in the closed and proprietary phone systems market with substantial profit margins. That could now all be turned on its head with the proliferation of open source VoIP and PBX software. There are now a handful of these open source telephony platforms such as OpenPBX and Pingtel, but one of the most interesting is Asterisk, which even has its own communication protocol IAX in place of SIP for unified signaling and data transport.
.....
Although it’s easy to think of Asterisk as just another VoIP server, that couldn’t be further from the truth. Asterisk is an extremely flexible communications platform that can serve as a VoIP Signaling Server, a Media Gateway (allows IP telephony to interface with analog phones, fax machines, or PSTN lines), a traditional analog or TDM-based PBX phone system, voice mail, IVR, Unified Messaging, and too many other things to list! For example, you can build a phone system that can support 72 analog telephones or fax machines, 100 IP hard or soft phones on site or remote, a T1 line to the public telco for 23 simultaneous external PSTN connections, multiple IP-based IAX trunks to multiple remote offices for seamless toll-bypass 4-digit dialing, IVR, and almost unlimited voice mail for everyone – for under $6,000 in a 1U chassis. Such a price point is easily 10 or more times cheaper than a commercial alternative. Here is a graphic illustration of such a system

Asterisk is a very cool piece of software. No doubt a lot of asterisk based voip providers will pop up this year. I can't wait to get some free time to play with it.

Wednesday, January 12, 2005

Some people in Holland are collecting money for a Firefox ad in the Dutch newspaper, "De Telegraaf" to heighten Firefox awareness. The idea of course is inspired by the successful ad placed in the New York Times.

The cost of the Ad is about 53.000 euros for a single page colour advertisement and 36.000 euros for a black & white one. At the time of typing they've collected 455,58 euros, so they still have a long way to go. Only for open source would people go this far....

Looks like the guys at arstechnica have written the first review I could find on the Mac mini. Here follows an excerpt from the conclusion and the benchmark used:

It's clear that the xMac performs considerably faster than both my iBook, which cost me $200 more than an xMac, and nearly as fast as my wife's PowerBook, which cost four times as much and is less than a year-old (and that makes me want to cry). Beyond that, it appears that Timothy McVeigh would have enough time for an orgasm before dying, if someone who likes doing “jobs” could help him out, and, as always, benchmarks really only matter to people who argue about computers.

This is going to be a good year for Apple

The year has just started and already Apple is about to release two mouth watering pieces of hardware.

First of all the much anticipated Mac mini which I have written about before:

Here are some specs:

Processor and memory

1.25GHz or 1.42GHz PowerPC G4 processor with Velocity Engine

512K on-chip level 2 cache at full processor speed

167MHz system bus

256MB of PC2700 (333MHz) DDR SDRAM, expandable to up to 1GB

Storage

40 or 80GB Ultra ATA hard disk drive

One of the following optical drives:

Slot-loading Combo drive (DVD-ROM/CD-RW): reads DVDs at up to 8x speed, writes CD-R discs at up to 24x speed, writes CD-RW discs at up to 16x speed, reads CDs at up to 24x speed

Optional SuperDrive (DVD±RW/CD-RW): writes DVD-R discs at up to 4x speed, writes DVD-RW discs at up to 2x speed, writes DVD+R discs at up to 4x speed, writes DVD+RW discs at up to 2.4x speed, reads DVDs at up to 8x speed, writes CD-R discs at up to 16x speed, writes CD-RW discs at up to 8x speed, reads CDs at up to 24x speed

Size and weight

Height: 2 inches (5.08 cm)

Width: 6.5 inches (16.51 cm)

Depth: 6.5 inches (16.51 cm)

Weight: 2.9 pounds (1.32 kg)

At 499 euros, I really hope that this performs decently with OSX doing day to day stuff as this would definitely make a sweet workstation. I guess we'll have to wait until the first reviews trickle out until we find out.

Also released is Apple's new iPod shuffle, a flash based mp3 player the size of a pack of chewing gum. The thing doesn't have a display and plays songs in a random order every time you switch it on. Specs follow:

The BBC reports that Philip Cummings, a 35 year old British national has been sentenced to 14 years imprisonment for identity fraud. This for information he got as a computer helpdesk employee. An excerpt:

A Briton involved in what is believed to be the largest identity theft case ever has been sentenced to 14 years in prison by a New York judge.

Philip Cummings, 35, used his job as a computer helpdesk employee to steal personal information from more than 30,000 unwitting customers.

He passed credit card and other stolen details on to other criminals.
......
Losses have been estimated to be between $50m (£38m) and $100m (£76m).

Cummings, who is still free on bail, must report to prison on 9 March. He is also due to pay compensation to be agreed at a later date.

This just goes to show how many (sometimes not so honest) people you have to share your data with in today's world. I suspect this sort of thing will just get worse as we keep shipping these sorts of jobs overseas.

The less people are paid and the farther away they are from the people they could rip off, the more they are inclined to do it. This is human nature.

Tuesday, January 11, 2005

Seems that Sky & Telescope have written an article on the dos & don'ts of pointing lasers in the sky. This of course, referring to the "terrorist threat" we are now seeing from the humble laser pointer. An excerpt that shows how FUD works at its best:

A recent addition to the backyard astronomer's toolkit has been flagged as a potential weapon in the terrorist's arsenal. The humble laser pointer, used by thousands of skygazers to show beginners the way to stars and constellations, is coming under fire from US federal and state authorities following several recent incidents in which laser beams have "painted" aircraft in flight.

In the most notorious case, on January 4, 2005, a New Jersey man was arrested after allegedly shining a laser at a small passenger jet on approach to a nearby airport. The suspect claims he had been showing his daughter around the night sky, using his laser pointer to direct her gaze at particular stars and planets. Now he faces a possible jail term and six-figure fine. The incident sparked a media frenzy, with many articles appearing alongside other news from the War on Terror.

This sort of thing really makes me question people's intelligence. How people just swallow the tripe without using common sense I will never know. Anyway, just for all the clueless masses out there, some obvious don'ts for laser pointing:

Laser pointers are designed to illuminate inanimate objects. Never shine a laser pointer toward any person, aircraft, or other vehicle. Never look directly into the beam of a laser pointer of any type.

Do not allow children to use a pointer unsupervised. Laser pointers are not toys. If your telescope is equipped with a laser pointer that has a "constant-on" setting, do not leave the instrument unattended with the laser switched on.

Do not aim a laser pointer toward mirrors or other shiny surfaces. The reflected beam may inadvertently strike someone in the eye.

Do not aim a laser pointer skyward if you hear or see an aircraft of any kind flying overhead.

Be aware of irresponsible uses of pointers so that the psychological effect will be minimized if you happen to be illuminated by one.

Do not purchase a laser pointer if it does not have a "caution" or "danger" sticker on it identifying its class. Report suspicious devices to the authorities.

French security researcher Guillaume Tena, who is working at Harvard University, faces 4 months in prison after being sued by Tegam for reverse engineering its Viguard antivirus software and publishing exploit codes for a number of vulnerabilities. According to a ZDNet article, he could also be sued by Tegam for 900,000 euros in damages. An excerpt from the article:

A French security researcher who published exploit codes that could take advantage of bugs in an anti-virus application, could be imprisoned for violation of copyright laws.

In 2001, French security researcher Guillaume Tena found a number of vulnerabilities in the Viguard antivirus software published by Tegam. Tena, who at the time was known by his pseudonym Guillermito, published his research online in March 2002.

However, Tena's actions were not viewed kindly by Tegam, who initiated legal action against the researcher. That action resulted in a case being brought to trial at a Court in Paris, France. The trial kicked off on January 4 after being deferred from its initially scheduled start date of October 5, 2004. The prosecution claims that Tena violated article 335.2 of the code of the intellectual property and is asking for a four month jail term and a 6,000 euro fine. Additionally, Tegam is proceeding with a civil case against Tena and asking for 900,000 euros in damages.

This is REALLY going the right way. Point out someone else's mistakes and you go directly to jail. When will the law overcome stupidity and stop wasting time with stuff like this?

If someone points out a building is about to collapse because of its design wouldn't people be outraged if he/she was fined? People need to learn that reverse engineering software for finding exploits is the same thing. I can only see this sort of thing getting worse....

Monday, January 10, 2005

Today I just watched the final part of Martian Successor Nadesico (for all you anime people: Yes, I know, I should be ashamed that I haven't seen it until now). A brief description of the plot follows:

The aliens have destroyed our base on Mars, wiped out our space fleets, and now, only one ship stands between Earth and total annihilation! Disgusted by the incompetence of Earth's military, the independent arms manufacturer Nergal has built its own space battle cruiser. But due to the shortage of trained soldiers, they've had to assemble the most unorthodox crew to ever launch into orbit. With a cook who's also a pilot and an Admiral's daughter in command, the new starship is the most formidable fighting vehicle ever conceived. But before it can see action against the Jovian invaders, the crew must win their first victory against their own species as they fight off a ruthless attempt by Earth's military to seize the Nadesico! Get ready for the wildest space adventure ever in the amazing new series that was voted the "Best Anime Show Of All Time"* by Japanese animation fans, MARTIAN SUCCESSOR NADESICO!

All in all an excellent series. The parodies of mecha series (it even parodies itself on occasion) are hilarious. After watching Neon Genesis for the 2nd time it was nice to watch something upbeat and funny. If you're looking for a funny anime or want to introduce one of your friends to anime you could do a lot worse than show him/her this. A full 5/5. Excellent.

Friday, January 07, 2005

While there are already several options for iPod owners who want to listen to tunes in their cars — ranging from cheapo FM transmitters and cassette adaptors to the infamous tricked-out BMW — the market is about to get a whole lot more crowded.

Pioneer, Clarion and Alpine are all at CES showing off new direct-connect units that will work with new and existing car audio systems.

Prices will range from as little as $100 to as much as $2,000 for Clarion’s previously announced VRX755VD (an update to its current iPod-incompatible VRX745VD), which will include a 7-inch touchscreen that will display song information, playlists and, presumably, a warning that motorists should keep their eyes and hands off of it while driving.

Technocract.net has written a review of a 100 milliwatt transmitter meant for home use. With this thing you can transmit whatever's on your PC all around the block. Quite cool I must say. An excerpt:

The unit is made by FMKit and sold on eBay. It was shipped via priority mail and arrived very quickly. It's specified as having an output of over 300 milliwatts, which would put it outside of Part 15 regulations in the U.S. Not wanting to get in a hassle with the FCC that could lose me my ham license, I used a menu setting to turn it down to 100 mW.

It broadcasts in stereo or mono. Selecting mono will turn off the 19 kHz stereo pilot and increase the range a bit. Frequency, power level, audio input levels, AGC, and stereo pilot level can all be set via menu, and there are 4 stored frequencies.

Thursday, January 06, 2005

EasyShare-One is an innovative new camera for Kodak that gives its users the ability to share images via Wi-Fi enabling online and email picture sharing without a computer. It is a 4 megapixel camera with a large 3 inch swivel touch screen display and 3x Optical Zoom. The Easyshare-One features VGA video mode (30 frames per second) as well as storage of up to 1500 downsized favorite images on its 256 megabytes of internal memory.

The Kodak Easyshare-one will be in stores in June of 2005 and will be priced at $599. More details will be released closer to its release but in the meantime learn more about the Easyshare-one from Kodak from their news release which is following.

Of course, to actually get on a wireless network, a special card is required for the camera, and the firmware has yet to support WEP, so one has to wait until a Q3 2005 update to join most authenticated networks. Still this is one cool gadget.

Three words: Hang the bastard. Just shows how the American Army tolerates psychopaths. While I'm sure they're not all this bad, how come this sort of thing hardly happens with troops of other nationalities?

Looks like Hitachi is planning to release a whopping 500 GB Hard Disk in the first quarter of this year. This would be the biggest till now! Excerpt:

Hitachi, the world's No. 2 maker of hard drives, is looking to propel its 3.5-inch line of drives commonly used to store desktop computer files into new markets for storing massive quantities of data captured by personal video recorders.

But instead of the 40 hours of video, on average, that a standard 80-gigabyte hard-drive might store in a Tivo-type digital video recorder, the new drives can hold 200 hours -- half a terabyte, or more than 500 billion bits of data.

Soon a videolan server to stream all my DVDs in full quality could be feasible ;-)

Tuesday, January 04, 2005

If you don't know who this guy is, he's the one who founded the GNU Project in 1984, and the Free Software Foundation in 1985. He also originally authored a number of well known and highly used development tools, including the GNU Compiler Collection (GCC), the GNU symbolic debugger (GDB) and GNU Emacs. The interview covers a wide range of topics, from rms's early years, to his current role in the Free Software Foundation. He discusses the current state of GNU/Hurd, the problems with non-free software, and much more. Read it and see what the father of free software has to say.

The EveryBody Is Crazy blog writes that bandwidth is what's going to kill Microsoft in the end, as it is still making client-centric software. While I don't agree with all that he says, he makes some good points.

An excerpt:

At present, we find ourselves in a situation unprecedented in all history – the average person, in charge of a machine of such complexity that it can calculate anything he or she would want to know in mere seconds. This is almost an untenable situation; this average person often has no idea how to fix the computer when it breaks, and no idea even how to perform the most basic maintenance on it to prevent such breakage. It’s also vulnerable to hackers, phishing schemes, and hosts of other plagues.

With a car, for instance, this exposure to complexity is a necessary state of affairs. With inevitably increasing bandwidth, this is definitely not a necessary state of affairs for computers, and the time of the personal computer as we know it will soon be at an end, I think.

Most users have no desire to be the system administrators of their machines, and would gladly turn that task over to someone else for a nominal fee. As bandwidth increases, telcos, cable companies, and others will be in the perfect position to become application service providers for the average home user, and said average home user will gladly accept this, as long as the price isn’t too high. I see this as almost inevitable.

With caching, smart usage of bandwidth, latency reduction strategies, etc., most users would hardly notice the difference between an application being provided remotely over a high-bandwidth connection and being provided locally by a spyware- and virus-infested home PC with inadequate memory.

In fact, given the above conditions, and a high-bandwidth connection, the ASP might actually seem faster to many users.

Sunday, January 02, 2005

It seems that Matt Blaze (of NSA Clipper Chip fame) has written a paper on how safe security works and how safe techniques could help computer security. An excerpt:

This paper is a general survey of safe and vault security from a computer science perspective, with emphasis on the metrics used to evaluate these systems and the weaknesses that cause them to fail. We examine security against forced, covert and surreptitious safe opening, focusing on the mechanical combination locks most commonly used on commercial safes in the US. Our analysis contrasts the philosophy and tools of physical security with those of information security, especially where techniques might be profitably applied across these disciplines.

Well, there goes another case of how security through obscurity doesn't work.

Wired writes that animals seem to be able to sense when natural disasters are about to happen. No dead animals from the Tsunami have been found yet in Sri Lanka. An excerpt:

JOHANNESBURG -- Wild animals seem to have escaped the Indian Ocean tsunami, adding weight to notions they possess a sixth sense for disasters, experts said Thursday.

Sri Lankan wildlife officials have said the giant waves that killed over 24,000 people along the Indian Ocean island's coast seemingly missed wild beasts, with no dead animals found.

"No elephants are dead, not even a dead hare or rabbit," said H.D. Ratnayake, deputy director of Sri Lanka's Wildlife Department. "I think animals can sense disaster. They have a sixth sense. They know when things are happening."

The waves washed floodwaters up to two miles inland at Yala National Park in the ravaged southeast, Sri Lanka's biggest wildlife reserve and home to hundreds of wild elephants and several leopards.

"There has been a lot of anecdotal evidence about dogs barking or birds migrating before volcanic eruptions or earthquakes. But it has not been proven," said Matthew van Lierop, an animal behavior specialist at Johannesburg Zoo. "There have been no specific studies because you can't really test it in a lab or field setting."

Other authorities concurred with this assessment. "Wildlife seem to be able to pick up certain phenomenon, especially birds ... there are many reports of birds detecting impending disasters," said Clive Walker, who has written several books on African wildlife.

Animals certainly rely on the known senses such as smell or hearing to avoid danger such as predators. The notion of an animal sixth sense -- or some other mythical power -- is an enduring one which the evidence on Sri Lanka's battered coast is likely to add to.

The Romans saw owls as omens of impending disaster and many ancient cultures viewed elephants as sacred animals endowed with special powers or attributes.

The tsunami was triggered by an earthquake in the Indian Ocean Sunday, killing tens of thousands of people in Asia and East Africa.

Just goes to show you that animals actually do have a 6th sense for these sorts of things. Too bad it obviously can't be tested in the lab.